# Report 2021-05

## News

 - [Your Car Is Spying on You, and a CBP Contract Shows the Risks](https://theintercept.com/2021/05/03/car-surveillance-berla-msab-cbp/)
 - [In China, the Smart TV watches you, shares IP address, Wi-Fi SSIDs, viewing habits, and more](https://www.theregister.com/2021/05/04/skyworth_gozen_smart_tv_privacy/)
 - [Mobile Apps Exposing AWS Keys Affect 100M+ Users’ Data](https://bevigil.com/blog/mobile-apps-exposing-aws-keys-affect-100m-users-data/)
 - [Vivint Smart Home to Pay $20 Million for Violating the Fair Credit Reporting Act](https://www.justice.gov/opa/pr/vivint-smart-home-pay-20-million-violating-fair-credit-reporting-act)
 - ['Phishing' Sites Buying Workplace Login Details Linked to Well-Funded Startup](https://www.vice.com/en/article/7kvvbb/argyle-payroll-login-phishing)
 - ["How Big Pharma Finds Sick Users on Facebook](https://themarkup.org/citizen-browser/2021/05/06/how-big-pharma-finds-sick-users-on-facebook)
 - [Intent to issue € 2,5 million fine to Disqus Inc](https://www.datatilsynet.no/en/news/2021/intent-to-issue--25-million-fine-to-disqus-inc/)
 - [A Dutch City Gets A €600,000 Fine For WiFi Tracking](https://hackaday.com/2021/05/08/a-dutch-city-gets-a-e600000-fine-for-wifi-tracking/)
 - [Foreign Intelligence Surveillance Court Rubber Stamps Mass Surveillance Under Section 702 - Again](https://www.eff.org/deeplinks/2021/05/foriegn-intelligence-surveillance-court-rubber-stamps-mass-surveillance-under)
 - [Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away](https://www.theregister.com/2021/05/07/schrems_slams_microsoft_eu_data/)
 - [NHS App gets go-ahead for vaccine passport use despite protest from privacy groups](https://www.theregister.com/2021/05/11/nhs_app_vaccine_passport_england/)
 - [Ford Patents Terrible Billboard Scanning Tech, Shows In-Car Ads](https://www.motor1.com/news/506493/ford-billboard-scanning-tech-patent/)
 - [Vizio Makes Nearly As Much Money From Ads and Data As It Does From TVs](https://arstechnica.com/gadgets/2021/05/vizio-tv-buyers-are-becoming-the-product-vizio-sells-not-just-its-customers/)
 - [Japan’s Rikunabi Scandal Shows The Dangers of Privacy Law Loopholes](https://www.eff.org/deeplinks/2021/05/japans-rikunabi-scandal-shows-dangers-privacy-law-loopholes)
 - [Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox](https://fingerprintjs.com/blog/external-protocol-flooding/)
 - [Junk food ads don’t just harm children’s health—they also infringe on their online privacy](https://thecounter.org/junk-food-ads-harm-childrens-health-online-privacy-social-media-coca-cola/)
 - [Ads Are Impersonating Government Websites in Google Results, Despite Ban](https://themarkup.org/google-the-giant/2021/05/13/ads-are-impersonating-government-websites-in-google-results-despite-ban)
 - [Censorship, Surveillance and Profits: A Hard Bargain for Apple in China](https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html)
 - [GCHQ’s mass data interception violated right to privacy, court rules](https://www.theguardian.com/uk-news/2021/may/25/gchqs-mass-data-sharing-violated-right-to-privacy-court-rules)
 - [AI emotion-detection software tested on Uyghurs](https://www.bbc.co.uk/news/technology-57101248)
 - [England’s NHS plans to share patient records with third parties](https://www.ft.com/content/9fee812f-6975-49ce-915c-aeb25d3dd748)
 - [Millions of People's Location Data Revealed a Universal Pattern In Study](https://www.vice.com/en/article/epnzkm/millions-of-peoples-location-data-revealed-a-universal-pattern-in-study)
 - [noyb aims to end “cookie banner terror” and issues more than 500 GDPR complaints](https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-issues-more-500-gdpr-complaints)
 - [NSA spying row: Denmark accused of helping US spy on European officials](https://www.bbc.com/news/world-europe-57302806)


## Data Breaches

 - [Tour de Peloton: Exposed user data](https://www.pentestpartners.com/security-blog/tour-de-peloton-exposed-user-data/)
 - [19 petabytes of data exposed across 29,000+ unprotected databases](https://securityaffairs.co/wordpress/117660/data-breach/data-exposed-unprotected-databases.html)
 - [Huge Eufy privacy breach shows live and recorded cam feeds to strangers](https://9to5mac.com/2021/05/17/huge-eufy-privacy-breach/)
 - [Nearly 200K Medical Records of US Military Veterans Leaked](https://securethoughts.com/us-military-veterans-medical-data-leakage/)
 - [E-commerce giant suffers major data breach in Codecov incident](https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/)
 - [Data of 100+ million Android users exposed via misconfigured cloud services](https://www.bleepingcomputer.com/news/security/data-of-100-plus-million-android-users-exposed-via-misconfigured-cloud-services/)
 - [Air India data breach impacts 4.5 million customers](https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/)
 - [Indonesia’s national health insurance scheme leaks at least a million citizens' records](https://www.theregister.com/2021/05/24/indonesia_health_data_breach/)
 - [1.7 million affected by hack of top Japan dating app](https://today.rtl.lu/news/business-and-tech/a/1727151.html)
 - [Audio maker Bose discloses data breach after ransomware attack](https://www.bleepingcomputer.com/news/security/audio-maker-bose-discloses-data-breach-after-ransomware-attack/)
 - [Domino's India discloses data breach after hackers sell data online](https://www.bleepingcomputer.com/news/security/dominos-india-discloses-data-breach-after-hackers-sell-data-online/)


## Paper/Report

 - [Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States](https://recyclednumbers.cs.princeton.edu/)
 - [School Mobile Apps Student Data Sharing Behavior](https://me2ba.org/school-mobile-apps-student-data-sharing-behavior/)
 - [The billion-dollar business of surveillance advertising to kids](https://neweconomics.org/2021/05/i-spy)
 - [Mobile app developers’ misconfiguration of third party services leave personal data of over 100 million exposed](https://research.checkpoint.com/2021/mobile-app-developers-misconfiguration-of-third-party-services-leave-personal-data-of-over-100-million-exposed/)
 - [Blocking without Breaking: Identification and Mitigation of Non-Essential IoT Traffic](https://arxiv.org/abs/2105.05162)
